Hello everyone!
Welcome to FreeITSecurityTraining.com. I’ve decided to create a community-supported free IT security training portal. If you have resources for *free* training, please take a few minutes to register and post links to your favorite free training resources. Let’s keep things legitimate/legal (according to U.S. laws), so please don’t post copyrighted information.
Here are a few examples of training types to post:
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Systems Security Certified Practitioner (SSCP)
- Security Certified Network Specialist (SCNS)
- Security Certified Network Professional (SCNP)
- Security Certified Network Architect (SCNA)
- Computer Hacking Forensic Investigator (CHFI)
- Cisco Certified Security Professional (CCSP)
- Qualified Wireless Analyst and Defender (QWAD)
- GIAC Security Audit Essentials (GSAE)
- GIAC Information Security Professional (GISP)
- GIAC Certified Incident Manager (GCIM)
- GIAC Information Security Fundamentals (GISF)
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Penetration Tester (GPEN)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Certified Forensics Analyst (GCFA)
- GIAC Securing Oracle Certification (GSOC)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Assessing Wireless Networks (GAWN)
- GSSP Secure Software Programmer - C (GSSP-C)
- GSSP Secure Software Programmer - Java (GSSP-JAVA)
- BackTrack training
- Any network security training
- Any forensic analysis training
- Any web application security audit training
Once we get a reasonable number of responses, I hope to organize the links in an easy-to-use format categorized by training type.
-Scott (scott@freeitsecuritytraining.com)
Security Training Search:
July 14th, 2008 — Announcements
The OpenFISMA project is an open source application designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). While many security managers are eager to demonstrate their best practices for incident response, patch management, and configuration management, they are overwhelmed with the reporting and documentation requirements of FISMA. You can download our released software right away or peruse the current documentation.
OpenFISMA is built on the Zend Framework which is an open source, object oriented, web application framework with a flexible architecture. ZF is often referred to as a ‘component library’ because it has many loosely coupled components that you can use more or less independently. However, Zend Framework also provides a core model-view-controller (MVC) implementation that you can use to provide basic ‘best practices’ structure to web applications.
June 7th, 2008 — Training
Templora provides a tutorial on “Basic PHP Script Security.”
http://templora.com/content/14
Topics covered include:
SQL Injection
XSS Attacks
CSRF Attacks
PHP variable insertion
Input Validation
May 30th, 2008 — Training
Dan Dickerman from the IRS Criminal Investigation, Electronic Crimes Program, provided several presentations on computer forensics topics:
Advanced Data Carving
Advanced Data Carving: New Directions in Data Carving Techniques
Using VMWare in Digital Forensic Investigations
RAID Rebuilding
Unfortunately, these slides don’t include Dan’s narration, but they’re detailed enough that you can get a good understanding of each topic on your own. Any remaining questions are a simple task for Google.
May 30th, 2008 — Papers
CERT.org offers an advanced guide to computer forensics:
First Responders Guide to Computer Forensics: Advanced Topics
They cover log file analysis, Microsoft Log Parser, running processes, automated process collection, and many other topics.
May 30th, 2008 — Papers
May 11th, 2008 — Announcements
If you have a request for specific types of training, please feel free to send me an email. I’ll try to find it for you.
-Scott (scott@freeitsecuritytraining.com)
May 6th, 2008 — Announcements
If you have an account on LinkedIn, you can join the FreeITSecurityTraining LinkedIn group.
Thanks for all your support!
-Scott (scott@freeitsecuritytraining.com)
May 5th, 2008 — Training
I just stumbled upon a great video training resource: The Academy
They have a nice collection of security videos including:
IronPort (Anti-Spam)
Sophos (Anti-Virus)
AccessData (Forensics)
Nessus, Nmap, Netcat, Metasploit, Cain & Abel (Vulnerability Assessment / Penetration Testing)
GIAC Systems and Network Auditor (GSNA)
May 4th, 2008 — Test Info
CramSession offers CISSP study tips, what you need to know when you’re going to take the exam, and information about the CISSP exam itself.
*Update*
CramSession also offers a free CISSP exam study guide courtesy of PrepLogic.
You have two options to receive it:
1) Download the study guide directly
or
2) Sign up for a free CramSession account (or use BugMeNot to avoid the compulsory registration) and download the CISSP training after clicking ‘not interested’ to all their sponsor sites.
May 1st, 2008 — Papers, Training
milw0rm.com hosts many security-related videos and papers for free:
[Papers]
Lateral SQL Injection: A New Class of Vulnerability in Oracle
Security Implications of Windows Access Tokens
802.11 Attacks
[Videos]
Packet sniffing with Ettercap (arp spoofing basics)
Anonymous Voice Vlan Hack
How to Make Files Undetected by AVs
Howto using aircrack-ptw WEP cracking tool
Advanced Mysql Injection in Joomla